Play.com customers spammed after data breach

In a letter sent out to customers late on Monday evening, the e-commerce firm said that the "security breach" had taken place at a company that handles its marketing communications.

"Unfortunately this has meant that some customer names and email addresses may have been compromised," the security message states.

"We take privacy and security very seriously and ensure all sensitive customer data is protected. Please be assured this issue has occurred outside of Play.com and no other personal customer information has been involved."

Play.com chief executive John Perkins then issued a statement explaining that the firm first became aware of a problem on Sunday when some of its customers reported that they were sent spam to email addresses they only used for Play.com.

"We believe this issue may be related to some irregular activity that was identified in December 2010 at our email service provider, Silverpop. Investigations at the time showed no evidence that any of our customer email addresses had been downloaded," he continued.

"We would like to assure all our customers that the only information communicated to our email service provider was email addresses. Play.com has taken all the necessary steps with Silverpop to ensure a security breach of this nature does not happen again."

The online retailer, one of the largest in the UK after Amazon, has been tight-lipped about the scale of the breach, although it appears that the emails have been sent to all customers as a precaution.

Information such as names and email addresses can be used by cyber criminals in spam campaigns, or to try to extort more sensitive financial information through phishing attacks.

"We often take great care with our personal financial information and dealing with banks online. But personal information can and is obtained often through sites or sources that you wouldn't necessarily think would be a target," warned Garry Sidaway, director of security strategy at security consultancy Integralis,

"Information is valuable no matter where it is stored, and clicking on links in emails or responding to requests for password changes is a no no."

This is not the first time that the online retailer has had data security issues. Two years ago it was hit by problems affecting its online ordering system when many customers received emails for orders they had not placed.

On opening the emails the customers found the names, addresses and other contact details of other Play.com customers.

Source: http://www.v3.co.uk/v3-uk/news/2036010/playcom-customers-spammed-breach#ixzz1HKWSoDEx (Article) & http://www.softize.net/wp-content/uploads/2010/12/spam-email1.jpg (Picture)